How to log on to a user account on a domain without destroying the user's password

active-directory password-management

I am the Domain Administrator. Is there a way I can log on to a workstation, as a User, without knowing their password?

I know I can reset the user password from Active Directory. But say I did this, how can I put their old password back after I've temporarily reset it to something I know?

EDIT:

It's a nice thought to think we can configure everything through group policy, and that users are even smart enough to complete basic first-time use wizards... but this is a reality question, not a theoretical one. I agree with you, but when I'm asked to configure Outlook on a user's desktop, I will honour their request without argument.

And of course, this is ethically obtaining access, whilst the end user is on the phone to me.

Best Answer

IMHO, the best solution would be to use a client management tool that allows you to remotely take over a running user session while you fix the tech problem (*).

You would call the user first, and ask him/her to make sure to close all open programs/windows that may be subject to restrictive access limitations under company laws, plus, if private usage of the company computers is allowed, to close all programs/windows that may be related to that. Furthermore, the management tool will inform your user about your takeover by a message like: "Do you want to allow admin-xyz to gain control over your desktop?", and the user needs to OK that. Another good thing about that kind of software is that the user can see what you are doing on his/her machine. Much more transparent than 'fixing things in the dark'.

I also totally agree with nhinkle's comment: do not ask your users for their passwords! One thing is the mentioned social engineering factor, the other one is that you need to protect yourself from heart attacks caused by knowing what kind of amazing passwords your users rely on.

(*) iDesktop, TightVNC, TeamViewer, Landesk, etc.